9692754

Ensuring the Security of a Data Transmission

Published: June 27, 2017
Assignee: not available in USPTO data we have
Patent Claims
22 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method for verifying an identity of a user, wherein the method comprises: a prior step of enrolling a terminal of the user, comprising reading, using a reader distinct from the terminal, a security component of an identity medium of the user so as to provide at least one authentic identity data item of the user, the identity medium being external to the terminal, and storing an identity derived from said at least one authentic identity data item, in storage means of the terminal, in correspondence with a data item specific to the user, and a current step of verifying the identity of the user at the terminal, comprising a strong authentication based on the stored derived identity and on the stored data item specific to the user.

2. The method of claim 1, wherein the prior enrollment step comprises a determination of the derived identity by combining: the authentic identity data item of the user, and a terminal data item.

3. The method of claim 2, wherein the storing of associations is implemented in an association module, remote from the terminal.

4. The method of claim 1, wherein the prior enrollment step comprises an association between: the authentic identity data item of the user, and a terminal data item, said association being stored with data for contacting the terminal via a network to which the terminal is connected.

5. The method of claim 1, wherein the current verification step comprises: a verification of consistency between the stored data item specific to the user and a data item specific to the user entered by the user by means of the terminal, and a transmission of the derived identity stored in the terminal to a remote verification entity.

6. The method of claim 1, wherein the current step of verifying the identity of the user comprises: using the data for contacting the terminal via a network to which the terminal is connected, a contacting of the terminal via this network to cause the terminal to ask the user to enter said data item specific to the user, a verification by the terminal of said entered data item specific to the user, if the verification of the entered data item specific to the user is positive, a verification of the stored derived identity, and, if the verification of the derived identity is positive, a validation of the verification of the user identity.

7. The method of claim 1, wherein said derived identity is stored in storage means of a security element of the terminal.

8. The method of claim 1, wherein the derived identity is sent to the terminal by an Over the Air technique together with data of an application running on the terminal in order to at least control the storing of the derived identity.

9. The method of claim 8, wherein the derived identity is transmitted via a platform of a provider of a communication network to which the terminal is connected.

10. The method of claim 1, wherein, during said current step, the derived identity is sent from the terminal to a verification entity remote from the terminal and is verified by said entity, the verification of the derived identity being validated at said entity if the data item specific to the user was also verified successfully by the terminal.

11. The method of claim 1, wherein the prior enrollment step comprises a determination of the derived identity by combining: the authentic identity data item of the user, and a terminal data item, and wherein the storing of associations is implemented in an association module, remote from the terminal, and wherein during said current step, the derived identity is sent from the terminal to a verification entity remote from the terminal and is verified by said entity, the verification of the derived identity being validated at said entity if the data item specific to the user was also verified successfully by the terminal, and wherein the remote entity comprises an authentication module cooperating with at least said association module in order to verify the derived identity received from the terminal during the current step.

12. The method of claim 11, wherein: during said prior step: the terminal sends to an association module remote from the terminal, a terminal data item with the authentic identity data item of the user, the association module determines a derived identity, and communicates said derived identity to the terminal, upon receipt of the derived identity, the terminal executes an application: to store the derived identity and to present an interface to the user, for registering a data item specific to the user, during said current step: on a device connected for a secure transmission of data, the device asks the user for contact data for the terminal via a user interface of the connected device, and the device sends said contact data to a verification entity that is remote from the terminal, the remote verification entity contacts the terminal in order to launch an application on the terminal, initiating operations: asking the user to enter the data item specific to the user via a user interface of the terminal, and if the verification of the data item specific to the user is positive, sending the derived identity from the terminal to the verification entity, in case of successful verification of the derived identity at the verification entity, the verification entity validates the verification of the user identity in order to authorize a data transmission via the connected device.

13. The method of claim 12, wherein, during said prior step: the association module verifies said identity information with an identity management module, and if the verification is positive, the association module determines a derived identity and communicates said derived identity to the terminal.

14. The method of claim 1, wherein an identifier is sent with data for contacting the terminal via a network, to a service platform, and if the identity verification is positive in the current step, the user is authorized to access informational data as a function of said identifier.

15. The method of claim 14, wherein the terminal receives, by interaction with a communicating object, service access data encoding said identifier.

16. The method of claim 15, wherein the communicating object is a second terminal available to a second user, and able to communicate with the first terminal enrolled during said prior step.

17. The method of claim 14, wherein the informational data contain at least data specific to a user of the communicating object.

18. The method of claim 14, wherein said identifier is sent to a service platform, and said service platform verifies said identifier and authorizes an access to said informational data if the verification of said identifier is positive.

19. A method for ensuring the security of a data transmission between a device and a service platform, comprising a verification of the identity of a user of the device according to said current step of the method of claim 1, the method for ensuring the security comprising: a sending of contact data for the terminal to the service platform, the execution of the current step of identity verification, from the terminal of the user, and if the identity verification is positive, a step authorizing a data transmission between the device and the service platform.

20. A non-transitory computer readable medium storage, with a computer program stored thereon, wherein the computer program comprises instructions for implementing the method according to claim 1, when this program is executed by a processor.

21. A verification system for implementing at least the current step of the method of claim 1, comprising means for: contacting the terminal via said network, in order to cause the terminal to query the user, receiving and verifying the derived identity, received from the terminal, and if the verifications of the derived identity and of the data item specific to the user are positive, validating the verification of the user identity.

22. A terminal for implementing a method for verifying an identity of a user, wherein the terminal comprises: storage means for storing an identity derived from at least one authentic identity data item of the user in correspondence with a data item specific to the user, said at least one authentic identity data item of the user is being provided, using a reader distinct from the terminal, by reading a security component of an identity medium of the user, the identity medium being external to the terminal, and computer program instructions which, when said instructions are executed by a processor of the terminal when so requested by a remote entity for verifying said derived identity: cause a user interface to ask the user to enter said data item specific to the user, then verify the consistency between said entered specific data item and the stored specific data item, send the stored derived identity to the remote entity for verification.
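
One possible realization of the enrollment and verification flow of claims 1, 2, 4, 5 and 10, as an added example that is not part of the patent or of any implementation by its inventors. The HMAC-SHA256 derivation, the PBKDF2-hashed PIN, and all class, function and sample names are assumptions; the claims only state that the derived identity is obtained by "combining" the two data items.

```python
import hashlib, hmac, os

class AssociationModule:
    """Remote module that derives identities and stores associations (claims 2-4)."""
    def __init__(self):
        self._key = os.urandom(32)   # assumption: secret key held only by this module
        self._contacts = {}          # derived identity -> terminal contact data

    def enroll(self, identity_item: bytes, terminal_item: bytes, contact: str) -> bytes:
        # Length-prefix each field so ("ab","c") and ("a","bc") cannot collide.
        msg = b"".join(len(f).to_bytes(4, "big") + f
                       for f in (identity_item, terminal_item))
        derived = hmac.new(self._key, msg, hashlib.sha256).digest()
        self._contacts[derived] = contact
        return derived

    def check(self, derived: bytes, contact: str) -> bool:
        return any(hmac.compare_digest(derived, d) and c == contact
                   for d, c in self._contacts.items())

class Terminal:
    """Stores the derived identity in correspondence with a user-specific item (a PIN here)."""
    def __init__(self, derived: bytes, pin: str):
        self._derived = derived
        self._salt = os.urandom(16)
        self._pin_hash = self._kdf(pin)  # assumption: only a salted hash is kept

    def _kdf(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def respond(self, entered_pin: str):
        # Local consistency check first; the derived identity leaves only on success.
        if hmac.compare_digest(self._kdf(entered_pin), self._pin_hash):
            return self._derived
        return None

def verify_user(assoc, terminals, contact: str, entered_pin: str) -> bool:
    """Verification entity: contact the terminal, then verify what it returns.
    entered_pin stands in for what the user types on the terminal's own interface."""
    terminal = terminals.get(contact)
    if terminal is None:
        return False
    derived = terminal.respond(entered_pin)
    return derived is not None and assoc.check(derived, contact)

def demo():
    assoc = AssociationModule()
    contact = "terminal-contact-0001"  # constructed sample values throughout
    derived = assoc.enroll(b"constructed-id-item", b"constructed-terminal-item", contact)
    terminals = {contact: Terminal(derived, "4821")}
    return (verify_user(assoc, terminals, contact, "4821"),
            verify_user(assoc, terminals, contact, "0000"))
```
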

Patent Metadata

Filing Date

Unknown

Publication Date

June 27, 2017

Inventors

Philippe Genestier
Jerome Moreau
Louis-Philippe Goncalves
Bruno Benteo


Cite as: Patentable. “ENSURING THE SECURITY OF A DATA TRANSMISSION” (9692754). https://patentable.app/patents/9692754
